using Microsoft.AspNetCore.Mvc;
using AdminSystem.API.DTOs;
using AdminSystem.API.Services;

namespace AdminSystem.API.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class AuthController : ControllerBase
    {
        private readonly IAuthService _authService;

        public AuthController(IAuthService authService)
        {
            _authService = authService;
        }

        [HttpPost("login")]
        public async Task<ActionResult<LoginResponseDto>> Login([FromBody] LoginDto loginDto)
        {
            var result = await _authService.LoginAsync(loginDto);
            
            if (result == null)
            {
                return Unauthorized(new { message = "Invalid username or password" });
            }

            return Ok(result);
        }

        [HttpPost("refresh")]
        public async Task<ActionResult<string>> RefreshToken()
        {
            // This would typically validate the refresh token and generate a new access token
            // For simplicity, we'll just return a placeholder
            return Ok(new { message = "Token refresh endpoint - implement as needed" });
        }
    }
}
